Canokey is a project to simulate a smartcard that deals with GPG keys among others. It is able to handle all kinds asymmetric ciphers including elliptic curves.
QEMU has developed a device that emulates and attaches it to a guest over USB. The upstream code needs to be built as there is no readily available package for it. However this is it - the trusted GPG holy-grail that Qubes had for some time now except it supports many more key types.
This is arguably easier to deal with than contorting a GPG key to fit into an emulated TPM.
@HulaHoop
This is my first time hearing about this and it is intriguing ill have to dig in. As of late im now making the switch to KVM since I think it more secure. Oracle seems pretty slow responding to security vulns.
Thank you so much for your work on KVM versions of Whonix/Kicksecure I think this is what project needs to focus on more IMO. Again thx so much for your time effort and work in this area.